I seem to be having a small problem with something in the logcheck.ignore file. The default setup for the logcheck package under debian already contains this entry in logcheck.ignore to avoid reporting this common cron job:
/USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) which works fine, but there is another very similar (but different) cron job that also runs which isn't caught by the above regex and is reported by logcheck as an "Unusual System Event". Here is one example: /USR/SBIN/CRON[4922]: (mail) CMD ( if [ -x /usr/sbin/exim -a -f /etc/exim.conf ]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) So I added the following regex to catch it: /USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim -a -f /etc/exim.conf \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi) (after simply trying to add a '.*' between '/usr/sbin/exim' and ']' unsuccessfully) but to no avail. I still recieve warnings about it, even though I believe I am properly covering it. Does anyone have an idea what I might be doing wrong? -Rob
